Hackers, Script Kiddies, Black Hatters, and Crackers exist. To pretend they don’t would be foolish and in the long run could cost you and your online business tons of money.
Imagine having your database of all your current members/visitors’ information fall into the wrong hands. Depending on the sensitivity of what you are storing you can be up a major creek without a paddle. Imagine your loyal customer’s credit card information and personal information being used to steal their identity and later investigations find out that because of your lack of security that made your customers vulnerable. Not only do you have PR nightmare on your hands, but soon you’ll be drowning in legal lawsuits.
Securing your databases, your customer’s sensitive information, and your proprietary information is a must for all companies. Unfortunately what happens in most online businesses is they never have a single person solely responsible for this enormous task? Here is a quick guide to deal quickly with an online security breach.
1. The First and foremost thing you have to do is change ALL your passwords. Don’t change them all to the same password either, since depending on the security concern the perpetrators may have installed a script or program that reads password files inside your system that you may be unaware of. By having multiple passwords it minimizes the damage a cracker can do once they gain access to the password.
For an online business the first thing to do is change all the major administration control panel passwords, ftp passwords. (Also make sure you never write down your passwords and leave it in plain view).
2. The very next step is to go into each one of your databases and change the passwords and if necessary the usernames. This is going to be very time consuming and will create a good deal of downtime. You will have to go into ALL of your web scripts and change the passwords accordingly as well. So give a warning to everyone that needs to know.
3. Resetting all the email account passwords will minimize the risk a cracker having access to an email account that has sensitive information.
4. Find out how they got into your system in the first place. This is going to be the longest and most crucial part. You will have to scavenge through long list of log files. Once you figure how they got in, make sure there is no way they can ever get back. Depending on the skill level of the programmer they should know all the fail points that can occur and have, in place, a security breach scenario.
5. Alert the necessary law enforcement and give notice to your customers if their information was made vulnerable or compromised!
6. The final step, but really a step that should be done on a continuous basis, is to make sure your entire computer’s software is up to date. Most attacks happen on systems that do not have the latest version of software, which most of the time comes with additional security patches that have been found to be necessary. The easiest way for a cracker to get into your computer system is to find out what version of a particular software you are using, go to the security portals and find the bugs that were in the software and utilize them.
In Part 2 I describe an online database scenario that can lead to disastrous results.
What to Do With an Online Security Breach? Part 1
Imagine having your database of all your current members/visitors’ information fall into the wrong hands. Depending on the sensitivity of what you are storing you can be up a major creek without a paddle. Imagine your loyal customer’s credit card information and personal information being used to steal their identity and later investigations find out that because of your lack of security that made your customers vulnerable. Not only do you have PR nightmare on your hands, but soon you’ll be drowning in legal lawsuits.
Securing your databases, your customer’s sensitive information, and your proprietary information is a must for all companies. Unfortunately what happens in most online businesses is they never have a single person solely responsible for this enormous task? Here is a quick guide to deal quickly with an online security breach.
1. The First and foremost thing you have to do is change ALL your passwords. Don’t change them all to the same password either, since depending on the security concern the perpetrators may have installed a script or program that reads password files inside your system that you may be unaware of. By having multiple passwords it minimizes the damage a cracker can do once they gain access to the password.
For an online business the first thing to do is change all the major administration control panel passwords, ftp passwords. (Also make sure you never write down your passwords and leave it in plain view).
2. The very next step is to go into each one of your databases and change the passwords and if necessary the usernames. This is going to be very time consuming and will create a good deal of downtime. You will have to go into ALL of your web scripts and change the passwords accordingly as well. So give a warning to everyone that needs to know.
3. Resetting all the email account passwords will minimize the risk a cracker having access to an email account that has sensitive information.
4. Find out how they got into your system in the first place. This is going to be the longest and most crucial part. You will have to scavenge through long list of log files. Once you figure how they got in, make sure there is no way they can ever get back. Depending on the skill level of the programmer they should know all the fail points that can occur and have, in place, a security breach scenario.
5. Alert the necessary law enforcement and give notice to your customers if their information was made vulnerable or compromised!
6. The final step, but really a step that should be done on a continuous basis, is to make sure your entire computer’s software is up to date. Most attacks happen on systems that do not have the latest version of software, which most of the time comes with additional security patches that have been found to be necessary. The easiest way for a cracker to get into your computer system is to find out what version of a particular software you are using, go to the security portals and find the bugs that were in the software and utilize them.
In Part 2 I describe an online database scenario that can lead to disastrous results.